U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Crypto

Insider Theft affects a tenth of Morgan Stanley Wealth Management Clients

Insider theft at Morgan Stanley affected nearly the ten percent of the company’s wealth management clients, the company officially confirmed the incident. The financial services company Morgan Stanley has confirmed a partial client data leak, the incident was confirmed by the firm in a statement published on its website. Morgan Stanley reported that an employee posted […]

Morgan Stanley

Insider theft at Morgan Stanley affected nearly the ten percent of the company’s wealth management clients, the company officially confirmed the incident.

The financial services company Morgan Stanley has confirmed a partial client data leak, the incident was confirmed by the firm in a statement published on its website. Morgan Stanley reported that an employee posted approximately 900 wealth management clients’ account information, including names and telephone numbers.

The data was discovered by bank staff on the Pastebin file sharing service, law enforcement suspect that the thief was looking to sell client information to criminal organizations specialized in the identity theft. The stolen data doesn’t include social security numbers and user’s passwords.

Earns Morgan Stanley

Morgan Stanley claims it has contacted the law enforcement and regulatory authorities that started the investigation on the case, meantime the firm announced that the wealth management employee involved “has been terminated.”

“While there is no evidence of any economic loss to any client, it has been determined that certain account information of approximately 900 clients, including account names and numbers, was briefly posted on the Internet.  Morgan Stanley detected this exposure and the information was promptly removed.
Overall, partial account information of up to 10 percent of all Wealth Management clients was stolen.  The data stolen does not include account passwords or social security numbers.  The Firm is taking the precaution of notifying all potentially affected clients and instituting enhanced security procedures including fraud monitoring on these accounts. ” reports the statement on the website.

Morgan Stanley has promptly removed the data from the web and is informing its clients on the incident, the company has quickly detected the compromise and have adopted all the necessary measured to mitigate the potential damage to its clients.

Morgan Stanley has identified the alleged culprit, its name is Galen Marsh, who may have been trying to offer the client data online.

Morgan Stanley MS +1.02% has a new kind of data breach: a rogue 30-year old employee named Galen Marsh. The bank said Monday it fired an employee who stole account information from up to 10% of its total wealth management clients, including account names and numbers.” reported Forbes.

It seems that Mr. Marsh accessed the data of approximately 350,000 wealth management clients in total. The man has stolen the precious information from internal systems without hacking them. This circumstance highlights the importance of properly segregate sensitive data, especially in the financial industry, and deploy systems to detect potential compromise of customer data.

“This is an employment matter between Mr. Marsh and Morgan Stanley. He has acknowledged that he should not have obtained the account information and has been cooperating with Morgan Stanley to protect the firm and its customers,” Robert C. Gottlieb, an attorney representing Marsh told Forbes in an emailed statement.

“To be clear, Mr. Marsh did not sell or ever intend to sell any account information to anyone.  He did not post the information on-line, he did not share any account information with anyone or use it for any personal financial gain.  He is devastated by what has occurred and is extremely sorry for his conduct,” Gottlieb added.

The FBI is currently investigating the data theft.

Pierluigi Paganini

(Security Affairs –  Morgan Stanley, data theft)